Thanks, Maxim.

You were right: I did my tests improperly...

What is the use of the 'none' value then? Should not there be only the
'off' one?
There must be some benefit to it, but I fail to catch it.
---
*B. R.*

On Thu, Mar 3, 2016 at 2:29 PM, Maxim Dounin <mdounin@mdounin.ru> wrote:

> Hello!
>
> On Thu, Mar 03, 2016 at 12:42:55PM +0100, B.R. wrote:
>
> > Based on the default value of ssl_session_cache
> > <
> http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache>,
> > nginx does not store any session parameter, but allows client with the
> > right Master Key to reuse their ID (and the parameters they got).
> >
> > Since nginx, does not cache anything and is thus unable to revalidate
> > anything but the Master Key, isn't it a violation of the RFC not to
> > validate all the parameters?
>
> You are misunderstanding what "ssl_session_cache none" does. It
> doesn't allow anything to be reused, just says so to clients.
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx